Closed DAnsell closed 9 years ago
We don't support anything beyond true/false - we know that this is a limitation but v2 is "done". If you want to add that feature, we can talk about it.
Ok, thanks Dominick. I wasn't expecting any changes in v2, it was more along the lines of whether there was any type of exception we could throw within ValidateUser that could propagate back to the client with information intact.
No - don't think so.
Hi
We’re using identity server in an active authentication scenario and have an implementation of the IUserRepository interface in which ValidateUser calls a WCF service for authentication. Everything is working fine, however if the authentication fails for a reason other than the credentials being invalid (e.g. if the user’s account is locked) we’d like to be able to return that information to the user. Given that the ValidateUser returns a bool, what’s the best way to achieve this? If the WCF service throws a fault exception and that is re-thrown by the user repository then the client receives a MessageSecurityException (which is fair enough) but any information in the exception is lost. The same thing happens if we throw a SecurityException.
I’m aware that providing information about the cause of a logon failure is in itself a potential security breach, but a locked account is something that can occur in our environment and we're required to let our users know.
Any help would be greatly appreciated.
Cheers